/*      */ package com.zimbra.cs.util;
/*      */ 
/*      */ import com.zimbra.common.account.Key.ServerBy;
/*      */ import com.zimbra.common.service.ServiceException;
/*      */ import com.zimbra.common.util.CliUtil;
/*      */ import com.zimbra.common.util.Log;
/*      */ import com.zimbra.common.util.LogFactory;
/*      */ import com.zimbra.common.util.StringUtil;
/*      */ import com.zimbra.cs.account.Entry;
/*      */ import com.zimbra.cs.account.NamedEntry;
/*      */ import com.zimbra.cs.account.NamedEntry.Visitor;
/*      */ import com.zimbra.cs.account.Provisioning;
/*      */ import com.zimbra.cs.account.Server;
/*      */ import com.zimbra.cs.account.ldap.LdapProv;
/*      */ import java.io.BufferedReader;
/*      */ import java.io.BufferedWriter;
/*      */ import java.io.File;
/*      */ import java.io.FileReader;
/*      */ import java.io.FileWriter;
/*      */ import java.io.IOException;
/*      */ import java.io.PrintStream;
/*      */ import java.net.Inet4Address;
/*      */ import java.net.Inet6Address;
/*      */ import java.net.InetAddress;
/*      */ import java.net.UnknownHostException;
/*      */ import java.util.ArrayList;
/*      */ import java.util.Collections;
/*      */ import java.util.HashMap;
/*      */ import java.util.HashSet;
/*      */ import java.util.Iterator;
/*      */ import java.util.List;
/*      */ import java.util.Map;
/*      */ import java.util.Set;
/*      */ import java.util.SortedSet;
/*      */ import java.util.TreeSet;
/*      */ import java.util.regex.Matcher;
/*      */ import java.util.regex.Pattern;
/*      */ import org.apache.commons.cli.CommandLine;
/*      */ import org.apache.commons.cli.CommandLineParser;
/*      */ import org.apache.commons.cli.GnuParser;
/*      */ import org.apache.commons.cli.HelpFormatter;
/*      */ import org.apache.commons.cli.Option;
/*      */ import org.apache.commons.cli.Options;
/*      */ import org.apache.commons.cli.ParseException;
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ public class ProxyConfGen
/*      */ {
/*      */   private static final int DEFAULT_SERVERS_NAME_HASH_MAX_SIZE = 512;
/*      */   private static final int DEFAULT_SERVERS_NAME_HASH_BUCKET_SIZE = 64;
/* 1690 */   private static Log mLog = LogFactory.getLog(ProxyConfGen.class);
/* 1691 */   private static Options mOptions = new Options();
/* 1692 */   private static boolean mDryRun = false;
/* 1693 */   private static String mWorkingDir = "/opt/zimbra";
/* 1694 */   private static String mTemplateDir = mWorkingDir + "/conf/nginx/templates";
/* 1695 */   private static String mConfDir = mWorkingDir + "/conf";
/* 1696 */   private static String mIncDir = "nginx/includes";
/* 1697 */   private static String mDomainSSLDir = mConfDir + File.separator + "domaincerts";
/* 1698 */   private static String mSSLCrtExt = ".crt";
/* 1699 */   private static String mSSLKeyExt = ".key";
/* 1700 */   private static String mSSLClientCertCaExt = ".client.ca.crt";
/* 1701 */   private static String mDefaultSSLCrt = mConfDir + File.separator + "nginx.crt";
/* 1702 */   private static String mDefaultSSLKey = mConfDir + File.separator + "nginx.key";
/* 1703 */   private static String mDefaultSSLClientCertCa = mConfDir + File.separator + "nginx.client.ca.crt";
/* 1704 */   private static String mConfIncludesDir = mConfDir + File.separator + mIncDir;
/* 1705 */   private static String mConfPrefix = "nginx.conf";
/* 1706 */   private static String mTemplatePrefix = mConfPrefix;
/* 1707 */   private static String mTemplateSuffix = ".template";
/* 1708 */   private static Provisioning mProv = null;
/* 1709 */   private static String mHost = null;
/* 1710 */   private static Server mServer = null;
/* 1711 */   private static boolean mGenConfPerVhn = false;
/* 1712 */   private static Map<String, ProxyConfVar> mConfVars = new HashMap();
/* 1713 */   private static Map<String, String> mVars = new HashMap();
/*      */   
/*      */   static List<DomainAttrItem> mDomainReverseProxyAttrs;
/*      */   
/*      */   static final String ZIMBRA_UPSTREAM_NAME = "zimbra";
/*      */   
/*      */   static final String ZIMBRA_UPSTREAM_WEBCLIENT_NAME = "zimbra_webclient";
/*      */   
/*      */   static final String ZIMBRA_SSL_UPSTREAM_NAME = "zimbra_ssl";
/*      */   static final String ZIMBRA_SSL_UPSTREAM_WEBCLIENT_NAME = "zimbra_ssl_webclient";
/*      */   static final String ZIMBRA_ADMIN_CONSOLE_UPSTREAM_NAME = "zimbra_admin";
/*      */   static final String ZIMBRA_ADMIN_CONSOLE_CLIENT_UPSTREAM_NAME = "zimbra_adminclient";
/*      */   static final String ZIMBRA_UPSTREAM_EWS_NAME = "zimbra_ews";
/*      */   static final String ZIMBRA_SSL_UPSTREAM_EWS_NAME = "zimbra_ews_ssl";
/*      */   static final String ZIMBRA_UPSTREAM_LOGIN_NAME = "zimbra_login";
/*      */   static final String ZIMBRA_SSL_UPSTREAM_LOGIN_NAME = "zimbra_login_ssl";
/* 1729 */   private static Pattern cmdPattern = Pattern.compile("(.*)\\!\\{([^\\}]+)\\}(.*)", 32);
/*      */   
/*      */   static
/*      */   {
/* 1733 */     mOptions.addOption("h", "help", false, "show this usage text");
/* 1734 */     mOptions.addOption("v", "verbose", false, "be verbose");
/*      */     
/* 1736 */     mOptions.addOption("w", "workdir", true, "Proxy Working Directory (defaults to /opt/zimbra)");
/* 1737 */     mOptions.addOption("t", "templatedir", true, "Proxy Template Directory (defaults to $workdir/conf/nginx/templates)");
/* 1738 */     mOptions.addOption("n", "dry-run", false, "Do not write any configuration, just show which files would be written");
/* 1739 */     mOptions.addOption("d", "defaults", false, "Print default variable map");
/* 1740 */     mOptions.addOption("D", "definitions", false, "Print variable map Definitions after loading LDAP configuration (and processing overrides). -D requires -s upstream server. If \"-s upstream server\" is not specified, it just dumps the default varaible map");
/* 1741 */     mOptions.addOption("p", "prefix", true, "Config File prefix (defaults to nginx.conf)");
/* 1742 */     mOptions.addOption("P", "template-prefix", true, "Template File prefix (defaults to $prefix)");
/* 1743 */     mOptions.addOption("i", "include-dir", true, "Directory Path (relative to $workdir/conf), where included configuration files will be written. Defaults to nginx/includes");
/* 1744 */     mOptions.addOption("s", "server", true, "If provided, this should be the name of a valid server object. Configuration will be generated based on server attributes. Otherwise, if not provided, Configuration will be generated based on Global configuration values");
/*      */     
/* 1746 */     Option cOpt = new Option("c", "config", true, "Override a config variable. Argument format must be name=value. For list of names, run with -d or -D");
/* 1747 */     cOpt.setArgs(-2);
/* 1748 */     mOptions.addOption(cOpt);
/*      */   }
/*      */   
/*      */   private static void usage(String errmsg)
/*      */   {
/* 1753 */     if (errmsg != null) {
/* 1754 */       System.out.println(errmsg);
/*      */     }
/* 1756 */     HelpFormatter formatter = new HelpFormatter();
/* 1757 */     formatter.printHelp("ProxyConfGen [options] ", "where [options] are one of:", mOptions, "ProxyConfGen generates the NGINX Proxy configuration files");
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */   private static CommandLine parseArgs(String[] args)
/*      */   {
/* 1764 */     CommandLineParser parser = new GnuParser();
/* 1765 */     CommandLine cl = null;
/*      */     try {
/* 1767 */       cl = parser.parse(mOptions, args, false);
/*      */     } catch (ParseException pe) {
/* 1769 */       usage(pe.getMessage());
/* 1770 */       return cl;
/*      */     }
/*      */     
/* 1773 */     return cl;
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   private static List<DomainAttrItem> loadDomainReverseProxyAttrs()
/*      */     throws ServiceException
/*      */   {
/* 1788 */     if (!mGenConfPerVhn) {
/* 1789 */       return Collections.emptyList();
/*      */     }
/* 1791 */     if (!(mProv instanceof LdapProv)) {
/* 1792 */       throw ServiceException.INVALID_REQUEST("The method can work only when LDAP is available", null);
/*      */     }
/*      */     
/* 1795 */     Set<String> attrsNeeded = new HashSet();
/* 1796 */     attrsNeeded.add("zimbraVirtualHostname");
/* 1797 */     attrsNeeded.add("zimbraVirtualIPAddress");
/* 1798 */     attrsNeeded.add("zimbraSSLCertificate");
/* 1799 */     attrsNeeded.add("zimbraSSLPrivateKey");
/* 1800 */     attrsNeeded.add("zimbraReverseProxyClientCertMode");
/* 1801 */     attrsNeeded.add("zimbraReverseProxyClientCertCA");
/* 1802 */     attrsNeeded.add("zimbraWebClientLoginURL");
/*      */     
/* 1804 */     List<DomainAttrItem> result = new ArrayList();
/*      */     
/*      */ 
/*      */ 
/* 1808 */     NamedEntry.Visitor visitor = new NamedEntry.Visitor()
/*      */     {
/*      */       public void visit(NamedEntry entry) throws ServiceException {
/* 1811 */         String domainName = entry.getAttr("zimbraDomainName");
/*      */         
/* 1813 */         String[] virtualHostnames = entry.getMultiAttr("zimbraVirtualHostname");
/*      */         
/* 1815 */         String[] virtualIPAddresses = entry.getMultiAttr("zimbraVirtualIPAddress");
/*      */         
/* 1817 */         String certificate = entry.getAttr("zimbraSSLCertificate");
/*      */         
/* 1819 */         String privateKey = entry.getAttr("zimbraSSLPrivateKey");
/*      */         
/* 1821 */         String clientCertMode = entry.getAttr("zimbraReverseProxyClientCertMode");
/*      */         
/* 1823 */         String clientCertCA = entry.getAttr("zimbraReverseProxyClientCertCA");
/*      */         
/*      */ 
/*      */ 
/*      */ 
/* 1828 */         if ((virtualHostnames.length == 0) || ((certificate == null) && (privateKey == null) && (clientCertMode == null) && (clientCertCA == null)))
/*      */         {
/*      */ 
/* 1831 */           return;
/*      */         }
/*      */         
/*      */ 
/* 1835 */         boolean lookupVIP = true;
/* 1836 */         if (virtualIPAddresses.length > 0) {
/* 1837 */           if (virtualIPAddresses.length != virtualHostnames.length) {
/* 1838 */             this.val$result.add(new DomainAttrExceptionItem(new ProxyConfException("The configurations of zimbraVirtualHostname and zimbraVirtualIPAddress are mismatched", null)));
/*      */             
/*      */ 
/* 1841 */             return;
/*      */           }
/* 1843 */           lookupVIP = false;
/*      */         }
/*      */         
/*      */ 
/*      */ 
/* 1848 */         for (int i = 0; 
/*      */             
/* 1850 */             i < virtualHostnames.length; i++)
/*      */         {
/* 1852 */           String vip = null;
/* 1853 */           if (lookupVIP) {
/* 1854 */             vip = null;
/*      */           } else {
/* 1856 */             vip = virtualIPAddresses[i];
/*      */           }
/*      */           
/* 1859 */           if (!ProxyConfUtil.isEmptyString(clientCertCA)) {
/* 1860 */             ProxyConfGen.createDomainSSLDirIfNotExists();
/*      */           }
/* 1862 */           this.val$result.add(new DomainAttrItem(domainName, virtualHostnames[i], vip, certificate, privateKey, clientCertMode, clientCertCA));
/*      */         }
/*      */         
/*      */       }
/*      */       
/*      */ 
/* 1868 */     };
/* 1869 */     mProv.getAllDomains(visitor, (String[])attrsNeeded.toArray(new String[attrsNeeded.size()]));
/*      */     
/*      */ 
/* 1872 */     return result;
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   private static String loadAllClientCertCA()
/*      */   {
/* 1881 */     HashSet<String> caSet = new HashSet();
/* 1882 */     String globalCA = ProxyConfVar.serverSource.getAttr("zimbraReverseProxyClientCertCA", "");
/* 1883 */     if (!ProxyConfUtil.isEmptyString(globalCA)) {
/* 1884 */       caSet.add(globalCA);
/*      */     }
/*      */     
/* 1887 */     for (DomainAttrItem item : mDomainReverseProxyAttrs) {
/* 1888 */       if (!ProxyConfUtil.isEmptyString(item.clientCertCa)) {
/* 1889 */         caSet.add(item.clientCertCa);
/*      */       }
/*      */     }
/*      */     
/* 1893 */     StringBuilder sb = new StringBuilder();
/* 1894 */     String separator = System.getProperty("line.separator");
/* 1895 */     for (String ca : caSet) {
/* 1896 */       sb.append(ca);
/* 1897 */       sb.append(separator);
/*      */     }
/* 1899 */     if (sb.length() > separator.length()) {
/* 1900 */       sb.setLength(sb.length() - separator.length());
/*      */     }
/* 1902 */     return sb.toString();
/*      */   }
/*      */   
/*      */   public static void createDomainSSLDirIfNotExists() {
/* 1906 */     File domainSSLDir = new File(mDomainSSLDir);
/* 1907 */     if (!domainSSLDir.exists()) {
/* 1908 */       domainSSLDir.mkdirs();
/*      */     }
/*      */   }
/*      */   
/*      */   public static Key.ServerBy guessServerBy(String value)
/*      */   {
/* 1914 */     if (Provisioning.isUUID(value))
/* 1915 */       return Key.ServerBy.id;
/* 1916 */     return Key.ServerBy.name;
/*      */   }
/*      */   
/*      */   public static Server getServer(String key)
/*      */     throws ProxyConfException
/*      */   {
/* 1922 */     Server s = null;
/*      */     try
/*      */     {
/* 1925 */       s = mProv.get(guessServerBy(key), key);
/* 1926 */       if (s == null) {
/* 1927 */         throw new ProxyConfException("Cannot find server: " + key);
/*      */       }
/*      */     } catch (ServiceException se) {
/* 1930 */       throw new ProxyConfException("Error getting server: " + se.getMessage());
/*      */     }
/*      */     
/* 1933 */     return s;
/*      */   }
/*      */   
/*      */   private static String getCoreConf() {
/* 1937 */     return mConfPrefix;
/*      */   }
/*      */   
/*      */   private static String getCoreConfTemplate() {
/* 1941 */     return mTemplatePrefix + mTemplateSuffix;
/*      */   }
/*      */   
/*      */   private static String getConfFileName(String name) {
/* 1945 */     return mConfPrefix + "." + name;
/*      */   }
/*      */   
/*      */   private static String getConfTemplateFileName(String name) {
/* 1949 */     return mTemplatePrefix + "." + name + mTemplateSuffix;
/*      */   }
/*      */   
/*      */   private static String getWebHttpModeConf(String mode) {
/* 1953 */     return mConfPrefix + ".web.http.mode-" + mode;
/*      */   }
/*      */   
/*      */   private static String getWebHttpModeConfTemplate(String mode) {
/* 1957 */     return mTemplatePrefix + ".web.http.mode-" + mode + mTemplateSuffix;
/*      */   }
/*      */   
/*      */   private static String getWebHttpSModeConf(String mode) {
/* 1961 */     return mConfPrefix + ".web.https.mode-" + mode;
/*      */   }
/*      */   
/*      */   public static String getWebHttpSModeConfTemplate(String mode) {
/* 1965 */     return mTemplatePrefix + ".web.https.mode-" + mode + mTemplateSuffix;
/*      */   }
/*      */   
/*      */   public static String getClientCertCaPathByDomain(String domainName)
/*      */   {
/* 1970 */     return mDomainSSLDir + File.separator + domainName + mSSLClientCertCaExt;
/*      */   }
/*      */   
/*      */   public static String getDefaultClientCertCaPath() {
/* 1974 */     return mDefaultSSLClientCertCa;
/*      */   }
/*      */   
/*      */   public static void expandTemplate(File tFile, File wFile)
/*      */     throws ProxyConfException
/*      */   {
/* 1980 */     BufferedReader r = null;
/* 1981 */     BufferedWriter w = null;
/*      */     try {
/* 1983 */       String tf = tFile.getAbsolutePath();
/* 1984 */       String wf = wFile.getAbsolutePath();
/*      */       
/* 1986 */       if (mDryRun) {
/* 1987 */         mLog.info("Would expand template:" + tf + " to file:" + wf);
/*      */       }
/*      */       else
/*      */       {
/* 1991 */         mLog.info("Expanding template:" + tf + " to file:" + wf);
/*      */         
/* 1993 */         if (!tFile.exists()) {
/* 1994 */           throw new ProxyConfException("Template file " + tf + " does not exist");
/*      */         }
/* 1996 */         r = new BufferedReader(new FileReader(tf));
/* 1997 */         w = new BufferedWriter(new FileWriter(wf));
/*      */         
/*      */ 
/*      */ 
/*      */ 
/* 2002 */         r.mark(100);
/* 2003 */         String line = r.readLine();
/*      */         
/*      */ 
/* 2006 */         if (line.equalsIgnoreCase("!{explode vhn_vip_ssl}")) {
/* 2007 */           expandTemplateExplodeSSLConfigsForAllVhnsAndVIPs(r, w);
/*      */         }
/*      */         else {
/* 2010 */           Matcher cmdMatcher = cmdPattern.matcher(line);
/* 2011 */           if (cmdMatcher.matches())
/*      */           {
/* 2013 */             String[] cmd_arg = cmdMatcher.group(2).split("[ \t]+", 2);
/*      */             
/* 2015 */             if ((cmd_arg.length == 2) && (cmd_arg[0].compareTo("explode") == 0))
/*      */             {
/*      */ 
/* 2018 */               if (!mGenConfPerVhn) {
/*      */                 return;
/*      */               }
/*      */               
/* 2022 */               if ((cmd_arg[1].startsWith("domain(")) && (cmd_arg[1].endsWith(")")))
/*      */               {
/* 2024 */                 String arglist = cmd_arg[1].substring("domain(".length(), cmd_arg[1].length() - 1);
/*      */                 String[] args;
/* 2026 */                 String[] args; if (arglist.equals("")) {
/* 2027 */                   args = new String[0];
/*      */                 } else {
/* 2029 */                   args = arglist.split(",( |\t)*");
/*      */                 }
/* 2031 */                 expandTemplateByExplodeDomain(r, w, args);
/*      */               } else {
/* 2033 */                 throw new ProxyConfException("Illegal custom header command: " + cmdMatcher.group(2));
/*      */               }
/*      */             } else {
/* 2036 */               throw new ProxyConfException("Illegal custom header command: " + cmdMatcher.group(2));
/*      */             }
/*      */           } else {
/* 2039 */             r.reset();
/* 2040 */             expandTemplateSimple(r, w);
/*      */           }
/*      */         }
/*      */       }
/*      */       return; } catch (IOException ie) { throw new ProxyConfException("Cannot expand template file: " + ie.getMessage());
/*      */     }
/*      */     catch (SecurityException se)
/*      */     {
/* 2048 */       throw new ProxyConfException("Cannot expand template: " + se.getMessage());
/*      */     }
/*      */     finally {
/*      */       try {
/* 2052 */         if (w != null)
/* 2053 */           w.close();
/* 2054 */         if (r != null)
/* 2055 */           r.close();
/*      */       } catch (IOException e) {
/* 2057 */         throw new ProxyConfException("Cannot expand template file: " + e.getMessage());
/*      */       }
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   @Deprecated
/*      */   private static void expandTemplateExplodeSSLConfigsForAllVhnsAndVIPs(BufferedReader temp, BufferedWriter conf)
/*      */     throws IOException, ProxyConfException
/*      */   {
/* 2073 */     int size = mDomainReverseProxyAttrs.size();
/* 2074 */     List<String> cache = null;
/*      */     
/* 2076 */     if (size > 0) {
/* 2077 */       Iterator<DomainAttrItem> it = mDomainReverseProxyAttrs.iterator();
/* 2078 */       DomainAttrItem item = (DomainAttrItem)it.next();
/* 2079 */       fillVarsWithDomainAttrs(item);
/* 2080 */       cache = expandTemplateAndCache(temp, conf);
/* 2081 */       conf.newLine();
/*      */       
/* 2083 */       while (it.hasNext()) {
/* 2084 */         item = (DomainAttrItem)it.next();
/* 2085 */         fillVarsWithDomainAttrs(item);
/* 2086 */         expandTempateFromCache(cache, conf);
/* 2087 */         conf.newLine();
/*      */       }
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   private static void expandTemplateByExplodeDomain(BufferedReader temp, BufferedWriter conf, String[] requiredAttrs)
/*      */     throws IOException, ProxyConfException
/*      */   {
/* 2108 */     int size = mDomainReverseProxyAttrs.size();
/* 2109 */     List<String> cache = null;
/*      */     
/* 2111 */     if (size > 0) {
/* 2112 */       Iterator<DomainAttrItem> it = mDomainReverseProxyAttrs.iterator();
/*      */       
/* 2114 */       while ((cache == null) && (it.hasNext())) {
/* 2115 */         DomainAttrItem item = (DomainAttrItem)it.next();
/* 2116 */         if ((item instanceof DomainAttrExceptionItem)) {
/* 2117 */           throw ((DomainAttrExceptionItem)item).exception;
/*      */         }
/*      */         
/* 2120 */         if (isRequiredAttrsValid(item, requiredAttrs))
/*      */         {
/*      */ 
/* 2123 */           fillVarsWithDomainAttrs(item);
/* 2124 */           cache = expandTemplateAndCache(temp, conf);
/* 2125 */           conf.newLine();
/*      */         }
/*      */       }
/* 2128 */       while (it.hasNext()) {
/* 2129 */         DomainAttrItem item = (DomainAttrItem)it.next();
/* 2130 */         if ((item instanceof DomainAttrExceptionItem)) {
/* 2131 */           throw ((DomainAttrExceptionItem)item).exception;
/*      */         }
/*      */         
/* 2134 */         if (isRequiredAttrsValid(item, requiredAttrs))
/*      */         {
/*      */ 
/* 2137 */           fillVarsWithDomainAttrs(item);
/* 2138 */           expandTempateFromCache(cache, conf);
/* 2139 */           conf.newLine();
/*      */         }
/*      */       }
/*      */     }
/*      */   }
/*      */   
/* 2145 */   private static boolean isRequiredAttrsValid(DomainAttrItem item, String[] requiredAttrs) { for (String attr : requiredAttrs) {
/* 2146 */       if (attr.equals("vhn"))
/*      */       {
/* 2148 */         if ((item.virtualHostname == null) || (item.virtualHostname.equals(""))) {
/* 2149 */           return false;
/*      */         }
/* 2151 */       } else if ((attr.equals("sso")) && (
/* 2152 */         (item.clientCertMode == null) || (item.clientCertMode.equals("")) || (item.clientCertMode.equals("off"))))
/*      */       {
/*      */ 
/* 2155 */         return false;
/*      */       }
/*      */     }
/*      */     
/*      */ 
/*      */ 
/* 2161 */     return true;
/*      */   }
/*      */   
/*      */   private static void fillVarsWithDomainAttrs(DomainAttrItem item)
/*      */     throws UnknownHostException, ProxyConfException
/*      */   {
/* 2167 */     String defaultVal = null;
/* 2168 */     mVars.put("vhn", item.virtualHostname);
/*      */     
/*      */ 
/* 2171 */     InetAddress vip = null;
/*      */     try {
/* 2173 */       if (item.virtualIPAddress == null) {
/* 2174 */         vip = InetAddress.getByName(item.virtualHostname);
/*      */       } else {
/* 2176 */         vip = InetAddress.getByName(item.virtualIPAddress);
/*      */       }
/*      */     } catch (UnknownHostException e) {
/* 2179 */       throw new ProxyConfException("virtual host name \"" + item.virtualHostname + "\" is not resolvable", e);
/*      */     }
/*      */     
/* 2182 */     if (IPModeEnablerVar.getZimbraIPMode() != IPModeEnablerVar.IPMode.BOTH) {
/* 2183 */       if ((IPModeEnablerVar.getZimbraIPMode() == IPModeEnablerVar.IPMode.IPV4_ONLY) && ((vip instanceof Inet6Address)))
/*      */       {
/* 2185 */         String msg = vip.getHostAddress() + " is an IPv6 address but zimbraIPMode is 'ipv4'";
/*      */         
/* 2187 */         mLog.error(msg);
/* 2188 */         throw new ProxyConfException(msg);
/*      */       }
/*      */       
/* 2191 */       if ((IPModeEnablerVar.getZimbraIPMode() == IPModeEnablerVar.IPMode.IPV6_ONLY) && ((vip instanceof Inet4Address)))
/*      */       {
/* 2193 */         String msg = vip.getHostAddress() + " is an IPv4 address but zimbraIPMode is 'ipv6'";
/*      */         
/* 2195 */         mLog.error(msg);
/* 2196 */         throw new ProxyConfException(msg);
/*      */       }
/*      */     }
/*      */     
/* 2200 */     if ((vip instanceof Inet6Address))
/*      */     {
/* 2202 */       mVars.put("vip", "[" + vip.getHostAddress() + "]");
/*      */     } else {
/* 2204 */       mVars.put("vip", vip.getHostAddress());
/*      */     }
/*      */     
/*      */ 
/* 2208 */     if (item.sslCertificate != null) {
/* 2209 */       mVars.put("ssl.crt", mDomainSSLDir + File.separator + item.domainName + mSSLCrtExt);
/*      */     }
/*      */     else
/*      */     {
/* 2213 */       defaultVal = (String)mVars.get("ssl.crt.default");
/* 2214 */       mVars.put("ssl.crt", defaultVal);
/*      */     }
/*      */     
/* 2217 */     if (item.sslPrivateKey != null) {
/* 2218 */       mVars.put("ssl.key", mDomainSSLDir + File.separator + item.domainName + mSSLKeyExt);
/*      */     }
/*      */     else
/*      */     {
/* 2222 */       defaultVal = (String)mVars.get("ssl.key.default");
/* 2223 */       mVars.put("ssl.key", defaultVal);
/*      */     }
/*      */     
/* 2226 */     if (item.clientCertMode != null) {
/* 2227 */       mVars.put("ssl.clientcertmode", item.clientCertMode);
/* 2228 */       if ((item.clientCertMode.equals("on")) || (item.clientCertMode.equals("optional"))) {
/* 2229 */         mVars.put("web.sso.certauth.enabled", "");
/*      */       } else {
/* 2231 */         mVars.put("web.sso.certauth.enabled", "#");
/*      */       }
/*      */     }
/*      */     else {
/* 2235 */       defaultVal = (String)mVars.get("ssl.clientcertmode.default");
/* 2236 */       mVars.put("ssl.clientcertmode", defaultVal);
/*      */     }
/*      */     
/* 2239 */     if (item.clientCertCa != null) {
/* 2240 */       String clientCertCaPath = getClientCertCaPathByDomain(item.domainName);
/* 2241 */       mVars.put("ssl.clientcertca", clientCertCaPath);
/*      */ 
/*      */     }
/*      */     else
/*      */     {
/*      */ 
/* 2247 */       defaultVal = (String)mVars.get("ssl.clientcertca.default");
/* 2248 */       mVars.put("ssl.clientcertca", defaultVal);
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   private static List<String> expandTemplateAndCache(BufferedReader temp, BufferedWriter conf)
/*      */     throws IOException
/*      */   {
/* 2259 */     ArrayList<String> cache = new ArrayList(50);
/* 2260 */     String line; while ((line = temp.readLine()) != null) {
/* 2261 */       if (!line.startsWith("#"))
/* 2262 */         cache.add(line);
/* 2263 */       line = StringUtil.fillTemplate(line, mVars);
/* 2264 */       conf.write(line);
/* 2265 */       conf.newLine();
/*      */     }
/* 2267 */     return cache;
/*      */   }
/*      */   
/*      */ 
/*      */   private static void expandTemplateSimple(BufferedReader temp, BufferedWriter conf)
/*      */     throws IOException
/*      */   {
/*      */     String line;
/*      */     
/* 2276 */     while ((line = temp.readLine()) != null) {
/* 2277 */       line = StringUtil.fillTemplate(line, mVars);
/* 2278 */       conf.write(line);
/* 2279 */       conf.newLine();
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */   private static void expandTempateFromCache(List<String> cache, BufferedWriter conf)
/*      */     throws IOException
/*      */   {
/* 2289 */     for (String line : cache) {
/* 2290 */       line = StringUtil.fillTemplate(line, mVars);
/* 2291 */       conf.write(line);
/* 2292 */       conf.newLine();
/*      */     }
/*      */   }
/*      */   
/*      */   public static void displayDefaultVariables()
/*      */     throws ProxyConfException
/*      */   {
/* 2299 */     for (ProxyConfVar var : mConfVars.values()) {
/* 2300 */       if ((var instanceof TimeInSecVarWrapper)) {
/* 2301 */         var = ((TimeInSecVarWrapper)var).mVar;
/*      */       }
/* 2303 */       var.write(System.out);
/*      */     }
/*      */   }
/*      */   
/*      */   public static void displayVariables()
/*      */     throws ProxyConfException
/*      */   {
/* 2310 */     SortedSet<String> sk = new TreeSet(mVars.keySet());
/*      */     
/* 2312 */     for (String k : sk) {
/* 2313 */       ProxyConfVar var = (ProxyConfVar)mConfVars.get(k);
/* 2314 */       if ((var instanceof TimeInSecVarWrapper))
/* 2315 */         var = ((TimeInSecVarWrapper)var).mVar;
/* 2316 */       var.write(System.out);
/*      */     }
/*      */   }
/*      */   
/*      */   public static void buildDefaultVars()
/*      */   {
/* 2322 */     mConfVars.put("core.workdir", new ProxyConfVar("core.workdir", null, mWorkingDir, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Working Directory for NGINX worker processes"));
/* 2323 */     mConfVars.put("core.includes", new ProxyConfVar("core.includes", null, mConfIncludesDir, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Include directory (relative to ${core.workdir}/conf)"));
/* 2324 */     mConfVars.put("core.cprefix", new ProxyConfVar("core.cprefix", null, mConfPrefix, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Common config file prefix"));
/* 2325 */     mConfVars.put("core.tprefix", new ProxyConfVar("core.tprefix", null, mTemplatePrefix, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Common template file prefix"));
/* 2326 */     mConfVars.put("core.ipv4only.enabled", new IPv4OnlyEnablerVar());
/* 2327 */     mConfVars.put("core.ipv6only.enabled", new IPv6OnlyEnablerVar());
/* 2328 */     mConfVars.put("core.ipboth.enabled", new IPBothEnablerVar());
/* 2329 */     mConfVars.put("ssl.crt.default", new ProxyConfVar("ssl.crt.default", null, mDefaultSSLCrt, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "default nginx certificate file path"));
/* 2330 */     mConfVars.put("ssl.key.default", new ProxyConfVar("ssl.key.default", null, mDefaultSSLKey, ProxyConfValueType.STRING, ProxyConfOverride.NONE, "default nginx private key file path"));
/* 2331 */     mConfVars.put("ssl.clientcertmode.default", new ProxyConfVar("ssl.clientcertmode.default", "zimbraReverseProxyClientCertMode", "off", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "enable authentication via X.509 Client Certificate in nginx proxy (https only)"));
/* 2332 */     mConfVars.put("ssl.clientcertca.default", new ClientCertAuthDefaultCAVar());
/* 2333 */     mConfVars.put("ssl.clientcertdepth.default", new ProxyConfVar("ssl.clientcertdepth.default", "zimbraReverseProxyClientCertDepth", new Integer(10), ProxyConfValueType.INTEGER, ProxyConfOverride.NONE, "indicate how depth the verification will load the ca chain. This is useful when client crt is signed by multiple intermediate ca"));
/* 2334 */     mConfVars.put("main.user", new ProxyConfVar("main.user", null, "zimbra", ProxyConfValueType.STRING, ProxyConfOverride.NONE, "The user as which the worker processes will run"));
/* 2335 */     mConfVars.put("main.group", new ProxyConfVar("main.group", null, "zimbra", ProxyConfValueType.STRING, ProxyConfOverride.NONE, "The group as which the worker processes will run"));
/* 2336 */     mConfVars.put("main.workers", new ProxyConfVar("main.workers", "zimbraReverseProxyWorkerProcesses", new Integer(4), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Number of worker processes"));
/* 2337 */     mConfVars.put("main.pidfile", new ProxyConfVar("main.pidfile", null, mWorkingDir + "/log/nginx.pid", ProxyConfValueType.STRING, ProxyConfOverride.NONE, "PID file path (relative to ${core.workdir})"));
/* 2338 */     mConfVars.put("main.logfile", new ProxyConfVar("main.logfile", null, mWorkingDir + "/log/nginx.log", ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Log file path (relative to ${core.workdir})"));
/* 2339 */     mConfVars.put("main.loglevel", new ProxyConfVar("main.loglevel", "zimbraReverseProxyLogLevel", "info", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "Log level - can be debug|info|notice|warn|error|crit"));
/* 2340 */     mConfVars.put("main.connections", new ProxyConfVar("main.connections", "zimbraReverseProxyWorkerConnections", new Integer(10240), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Maximum number of simultaneous connections per worker process"));
/* 2341 */     mConfVars.put("main.krb5keytab", new ProxyConfVar("main.krb5keytab", "krb5_keytab", "/opt/zimbra/conf/krb5.keytab", ProxyConfValueType.STRING, ProxyConfOverride.LOCALCONFIG, "Path to kerberos keytab file used for GSSAPI authentication"));
/* 2342 */     mConfVars.put("memcache.:servers", new MemcacheServersVar());
/* 2343 */     mConfVars.put("memcache.timeout", new ProxyConfVar("memcache.timeout", "zimbraReverseProxyCacheFetchTimeout", new Long(3000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time (ms) given to a cache-fetch operation to complete"));
/* 2344 */     mConfVars.put("memcache.reconnect", new ProxyConfVar("memcache.reconnect", "zimbraReverseProxyCacheReconnectInterval", new Long(60000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time (ms) after which NGINX will attempt to re-establish a broken connection to a memcache server"));
/* 2345 */     mConfVars.put("memcache.ttl", new ProxyConfVar("memcache.ttl", "zimbraReverseProxyCacheEntryTTL", new Long(3600000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time interval (ms) for which cached entries remain in memcache"));
/* 2346 */     mConfVars.put("mail.ctimeout", new ProxyConfVar("mail.ctimeout", "zimbraReverseProxyConnectTimeout", new Long(120000L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "Time interval (ms) after which a POP/IMAP proxy connection to a remote host will give up"));
/* 2347 */     mConfVars.put("mail.pop3.timeout", new ProxyConfVar("mail.pop3.timeout", "pop3_max_idle_time", Integer.valueOf(60), ProxyConfValueType.INTEGER, ProxyConfOverride.LOCALCONFIG, "pop3 network timeout before authentication"));
/* 2348 */     mConfVars.put("mail.pop3.proxytimeout", new ProxyConfVar("mail.pop3.proxytimeout", "pop3_max_idle_time", Integer.valueOf(60), ProxyConfValueType.INTEGER, ProxyConfOverride.LOCALCONFIG, "pop3 network timeout after authentication"));
/* 2349 */     mConfVars.put("mail.imap.timeout", new ProxyConfVar("mail.imap.timeout", "imap_max_idle_time", Integer.valueOf(60), ProxyConfValueType.INTEGER, ProxyConfOverride.LOCALCONFIG, "imap network timeout before authentication"));
/* 2350 */     mConfVars.put("mail.imap.proxytimeout", new TimeoutVar("mail.imap.proxytimeout", "imap_authenticated_max_idle_time", Integer.valueOf(1800), ProxyConfOverride.LOCALCONFIG, 300, "imap network timeout after authentication"));
/* 2351 */     mConfVars.put("mail.passerrors", new ProxyConfVar("mail.passerrors", "zimbraReverseProxyPassErrors", Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.SERVER, "Indicates whether mail proxy will pass any protocol specific errors from the upstream server back to the downstream client"));
/* 2352 */     mConfVars.put("mail.auth_http_timeout", new ProxyConfVar("mail.auth_http_timeout", "zimbraReverseProxyRouteLookupTimeout", new Long(15000L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "Time interval (ms) given to mail route lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)"));
/* 2353 */     mConfVars.put("mail.authwait", new ProxyConfVar("mail.authwait", "zimbraReverseProxyAuthWaitInterval", new Long(10000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time delay (ms) after which an incorrect POP/IMAP login attempt will be rejected"));
/* 2354 */     mConfVars.put("mail.pop3capa", new Pop3CapaVar());
/* 2355 */     mConfVars.put("mail.imapcapa", new ImapCapaVar());
/* 2356 */     mConfVars.put("mail.imapid", new ProxyConfVar("mail.imapid", null, "\"NAME\" \"Zimbra\" \"VERSION\" \"" + BuildInfo.VERSION + "\" \"RELEASE\" \"" + BuildInfo.RELEASE + "\"", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "NGINX response to IMAP ID command"));
/* 2357 */     mConfVars.put("mail.defaultrealm", new ProxyConfVar("mail.defaultrealm", "zimbraReverseProxyDefaultRealm", "", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "Default SASL realm used in case Kerberos principal does not contain realm information"));
/* 2358 */     mConfVars.put("mail.sasl_host_from_ip", new SaslHostFromIPVar());
/* 2359 */     mConfVars.put("mail.saslapp", new ProxyConfVar("mail.saslapp", null, "nginx", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Application name used by NGINX to initialize SASL authentication"));
/* 2360 */     mConfVars.put("mail.ipmax", new ProxyConfVar("mail.ipmax", "zimbraReverseProxyIPLoginLimit", new Integer(0), ProxyConfValueType.INTEGER, ProxyConfOverride.CONFIG, "IP Login Limit (Throttle) - 0 means infinity"));
/* 2361 */     mConfVars.put("mail.ipttl", new ProxyConfVar("mail.ipttl", "zimbraReverseProxyIPLoginLimitTime", new Long(3600000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time interval (ms) after which IP Login Counter is reset"));
/* 2362 */     mConfVars.put("mail.iprej", new ProxyConfVar("mail.iprej", "zimbraReverseProxyIpThrottleMsg", "Login rejected from this IP", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Rejection message for IP throttle"));
/* 2363 */     mConfVars.put("mail.usermax", new ProxyConfVar("mail.usermax", "zimbraReverseProxyUserLoginLimit", new Integer(0), ProxyConfValueType.INTEGER, ProxyConfOverride.CONFIG, "User Login Limit (Throttle) - 0 means infinity"));
/* 2364 */     mConfVars.put("mail.userttl", new ProxyConfVar("mail.userttl", "zimbraReverseProxyUserLoginLimitTime", new Long(3600000L), ProxyConfValueType.TIME, ProxyConfOverride.CONFIG, "Time interval (ms) after which User Login Counter is reset"));
/* 2365 */     mConfVars.put("mail.userrej", new ProxyConfVar("mail.userrej", "zimbraReverseProxyUserThrottleMsg", "Login rejected for this user", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Rejection message for User throttle"));
/* 2366 */     mConfVars.put("mail.upstream.pop3xoip", new ProxyConfVar("mail.upstream.pop3xoip", "zimbraReverseProxySendPop3Xoip", Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.CONFIG, "Whether NGINX issues the POP3 XOIP command to the upstream server prior to logging in (audit purpose)"));
/* 2367 */     mConfVars.put("mail.upstream.imapid", new ProxyConfVar("mail.upstream.imapid", "zimbraReverseProxySendImapId", Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.CONFIG, "Whether NGINX issues the IMAP ID command to the upstream server prior to logging in (audit purpose)"));
/* 2368 */     mConfVars.put("mail.ssl.protocols", new MailSSLProtocolsVar());
/* 2369 */     mConfVars.put("mail.ssl.preferserverciphers", new ProxyConfVar("mail.ssl.preferserverciphers", null, Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.CONFIG, "Requires TLS protocol server ciphers be preferred over the client's ciphers"));
/* 2370 */     mConfVars.put("mail.ssl.ciphers", new ProxyConfVar("mail.ssl.ciphers", "zimbraReverseProxySSLCiphers", "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Permitted ciphers for mail proxy"));
/*      */     
/*      */ 
/* 2373 */     mConfVars.put("mail.ssl.ecdh.curve", new ProxyConfVar("mail.ssl.ecdh.curve", "zimbraReverseProxySSLECDHCurve", "prime256v1", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "SSL ECDH cipher curve for mail proxy"));
/* 2374 */     mConfVars.put("mail.imap.authplain.enabled", new ProxyConfVar("mail.imap.authplain.enabled", "zimbraReverseProxyImapSaslPlainEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.CONFIG, "Whether SASL PLAIN is enabled for IMAP"));
/* 2375 */     mConfVars.put("mail.imap.authgssapi.enabled", new ProxyConfVar("mail.imap.authgssapi.enabled", "zimbraReverseProxyImapSaslGssapiEnabled", Boolean.valueOf(false), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Whether SASL GSSAPI is enabled for IMAP"));
/* 2376 */     mConfVars.put("mail.pop3.authplain.enabled", new ProxyConfVar("mail.pop3.authplain.enabled", "zimbraReverseProxyPop3SaslPlainEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Whether SASL PLAIN is enabled for POP3"));
/* 2377 */     mConfVars.put("mail.pop3.authgssapi.enabled", new ProxyConfVar("mail.pop3.authgssapi.enabled", "zimbraReverseProxyPop3SaslGssapiEnabled", Boolean.valueOf(false), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Whether SASL GSSAPI is enabled for POP3"));
/* 2378 */     mConfVars.put("mail.imap.literalauth", new ProxyConfVar("mail.imap.literalauth", null, Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.CONFIG, "Whether NGINX uses literal strings for user name/password when logging in to upstream IMAP server - if false, NGINX uses quoted strings"));
/* 2379 */     mConfVars.put("mail.imap.port", new ProxyConfVar("mail.imap.port", "zimbraImapProxyBindPort", new Integer(143), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Mail Proxy IMAP Port"));
/* 2380 */     mConfVars.put("mail.imap.tls", new ProxyConfVar("mail.imap.tls", "zimbraReverseProxyImapStartTlsMode", "only", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "TLS support for IMAP - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel"));
/* 2381 */     mConfVars.put("mail.imaps.port", new ProxyConfVar("mail.imaps.port", "zimbraImapSSLProxyBindPort", new Integer(993), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Mail Proxy IMAPS Port"));
/* 2382 */     mConfVars.put("mail.pop3.port", new ProxyConfVar("mail.pop3.port", "zimbraPop3ProxyBindPort", new Integer(110), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Mail Proxy POP3 Port"));
/* 2383 */     mConfVars.put("mail.pop3.tls", new ProxyConfVar("mail.pop3.tls", "zimbraReverseProxyPop3StartTlsMode", "only", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "TLS support for POP3 - can be on|off|only - on indicates TLS support present, off indicates TLS support absent, only indicates TLS is enforced on unsecure channel"));
/* 2384 */     mConfVars.put("mail.pop3s.port", new ProxyConfVar("mail.pop3s.port", "zimbraPop3SSLProxyBindPort", new Integer(995), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Mail Proxy POP3S Port"));
/* 2385 */     mConfVars.put("mail.imap.greeting", new ImapGreetingVar());
/* 2386 */     mConfVars.put("mail.pop3.greeting", new Pop3GreetingVar());
/* 2387 */     mConfVars.put("mail.enabled", new ProxyConfVar("mail.enabled", "zimbraReverseProxyMailEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether Mail Proxy is enabled"));
/* 2388 */     mConfVars.put("mail.imap.enabled", new ProxyConfVar("mail.imap.enabled", "zimbraReverseProxyMailImapEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether Imap Mail Proxy is enabled"));
/* 2389 */     mConfVars.put("mail.imaps.enabled", new ProxyConfVar("mail.imaps.enabled", "zimbraReverseProxyMailImapsEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether Imaps Mail Proxy is enabled"));
/* 2390 */     mConfVars.put("mail.pop3.enabled", new ProxyConfVar("mail.pop3.enabled", "zimbraReverseProxyMailPop3Enabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether Pop Mail Proxy is enabled"));
/* 2391 */     mConfVars.put("mail.pop3s.enabled", new ProxyConfVar("mail.pop3s.enabled", "zimbraReverseProxyMailPop3sEnabled", Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether Pops Mail Proxy is enabled"));
/* 2392 */     mConfVars.put("mail.proxy.ssl", new ProxyConfVar("mail.proxy.ssl", "zimbraReverseProxySSLToUpstreamEnabled", Boolean.valueOf(false), ProxyConfValueType.BOOLEAN, ProxyConfOverride.SERVER, "Indicates whether using SSL to connect to upstream mail server"));
/* 2393 */     mConfVars.put("web.logfile", new ProxyConfVar("web.logfile", null, mWorkingDir + "/log/nginx.access.log", ProxyConfValueType.STRING, ProxyConfOverride.NONE, "Access log file path (relative to ${core.workdir})"));
/* 2394 */     mConfVars.put("web.mailmode", new ProxyConfVar("web.mailmode", "zimbraReverseProxyMailMode", "both", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "Reverse Proxy Mail Mode - can be http|https|both|redirect|mixed"));
/* 2395 */     mConfVars.put("web.server_name.default", new ProxyConfVar("web.server_name.default", "zimbra_server_hostname", "localhost", ProxyConfValueType.STRING, ProxyConfOverride.LOCALCONFIG, "The server name for default server config"));
/* 2396 */     mConfVars.put("web.upstream.name", new ProxyConfVar("web.upstream.name", null, "zimbra", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for HTTP upstream cluster"));
/* 2397 */     mConfVars.put("web.upstream.webclient.name", new ProxyConfVar("web.upstream.webclient.name", null, "zimbra_webclient", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for HTTP upstream webclient cluster"));
/* 2398 */     mConfVars.put("web.ssl.upstream.name", new ProxyConfVar("web.ssl.upstream.name", null, "zimbra_ssl", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for HTTPS upstream cluster"));
/* 2399 */     mConfVars.put("web.ssl.upstream.webclient.name", new ProxyConfVar("web.ssl.upstream.webclient.name", null, "zimbra_ssl_webclient", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for HTTPS upstream webclient cluster"));
/* 2400 */     mConfVars.put("web.upstream.:servers", new WebUpstreamServersVar());
/* 2401 */     mConfVars.put("web.upstream.webclient.:servers", new WebUpstreamClientServersVar());
/* 2402 */     mConfVars.put("web.server_names.max_size", new ProxyConfVar("web.server_names.max_size", "proxy_server_names_hash_max_size", Integer.valueOf(512), ProxyConfValueType.INTEGER, ProxyConfOverride.LOCALCONFIG, "the server names hash max size, needed to be increased if too many virtual host names are added"));
/* 2403 */     mConfVars.put("web.server_names.bucket_size", new ProxyConfVar("web.server_names.bucket_size", "proxy_server_names_hash_bucket_size", Integer.valueOf(64), ProxyConfValueType.INTEGER, ProxyConfOverride.LOCALCONFIG, "the server names hash bucket size, needed to be increased if too many virtual host names are added"));
/* 2404 */     mConfVars.put("web.ssl.upstream.:servers", new WebSSLUpstreamServersVar());
/* 2405 */     mConfVars.put("web.ssl.upstream.webclient.:servers", new WebSSLUpstreamClientServersVar());
/* 2406 */     mConfVars.put("web.uploadmax", new ProxyConfVar("web.uploadmax", "zimbraFileUploadMaxSize", new Long(10485760L), ProxyConfValueType.LONG, ProxyConfOverride.SERVER, "Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413"));
/* 2407 */     mConfVars.put("web.:error_pages", new ErrorPagesVar());
/* 2408 */     mConfVars.put("web.http.port", new ProxyConfVar("web.http.port", "zimbraMailProxyPort", new Integer(0), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Web Proxy HTTP Port"));
/* 2409 */     mConfVars.put("web.http.maxbody", new ProxyConfVar("web.http.maxbody", "zimbraFileUploadMaxSize", new Long(10485760L), ProxyConfValueType.LONG, ProxyConfOverride.SERVER, "Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413"));
/* 2410 */     mConfVars.put("web.https.port", new ProxyConfVar("web.https.port", "zimbraMailSSLProxyPort", new Integer(0), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Web Proxy HTTPS Port"));
/* 2411 */     mConfVars.put("web.https.maxbody", new ProxyConfVar("web.https.maxbody", "zimbraFileUploadMaxSize", new Long(10485760L), ProxyConfValueType.LONG, ProxyConfOverride.SERVER, "Maximum accepted client request body size (indicated by Content-Length) - if content length exceeds this limit, then request fails with HTTP 413"));
/* 2412 */     mConfVars.put("web.ssl.protocols", new WebSSLProtocolsVar());
/* 2413 */     mConfVars.put("web.ssl.preferserverciphers", new ProxyConfVar("web.ssl.preferserverciphers", null, Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.CONFIG, "Requires TLS protocol server ciphers be preferred over the client's ciphers"));
/* 2414 */     mConfVars.put("web.ssl.ciphers", new ProxyConfVar("web.ssl.ciphers", "zimbraReverseProxySSLCiphers", "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Permitted ciphers for web proxy"));
/*      */     
/*      */ 
/* 2417 */     mConfVars.put("web.ssl.ecdh.curve", new ProxyConfVar("web.ssl.ecdh.curve", "zimbraReverseProxySSLECDHCurve", "prime256v1", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "SSL ECDH cipher curve for web proxy"));
/* 2418 */     mConfVars.put("web.http.uport", new ProxyConfVar("web.http.uport", "zimbraMailPort", new Integer(80), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Web upstream server port"));
/* 2419 */     mConfVars.put("web.upstream.connect.timeout", new ProxyConfVar("web.upstream.connect.timeout", "zimbraReverseProxyUpstreamConnectTimeout", new Integer(25), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "upstream connect timeout"));
/* 2420 */     mConfVars.put("web.upstream.read.timeout", new TimeInSecVarWrapper(new ProxyConfVar("web.upstream.read.timeout", "zimbraReverseProxyUpstreamReadTimeout", new Long(60L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "upstream read timeout")));
/* 2421 */     mConfVars.put("web.upstream.send.timeout", new TimeInSecVarWrapper(new ProxyConfVar("web.upstream.send.timeout", "zimbraReverseProxyUpstreamSendTimeout", new Long(60L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "upstream send timeout")));
/* 2422 */     mConfVars.put("web.upstream.polling.timeout", new TimeInSecVarWrapper(new ProxyConfVar("web.upstream.polling.timeout", "zimbraReverseProxyUpstreamPollingTimeout", new Long(3600L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "the response timeout for Microsoft Active Sync polling")));
/* 2423 */     mConfVars.put("web.enabled", new ProxyConfVar("web.enabled", "zimbraReverseProxyHttpEnabled", Boolean.valueOf(false), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Indicates whether HTTP proxying is enabled"));
/* 2424 */     mConfVars.put("web.upstream.exactversioncheck", new ProxyConfVar("web.upstream.exactversioncheck", "zimbraReverseProxyExactServerVersionCheck", "on", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "Indicates whether nginx will match exact server version against the version received in the client request"));
/* 2425 */     mConfVars.put("web.http.enabled", new HttpEnablerVar());
/* 2426 */     mConfVars.put("web.https.enabled", new HttpsEnablerVar());
/* 2427 */     mConfVars.put("web.upstream.target", new WebProxyUpstreamTargetVar());
/* 2428 */     mConfVars.put("web.upstream.webclient.target", new WebProxyUpstreamClientTargetVar());
/* 2429 */     mConfVars.put("zmlookup.:handlers", new ZMLookupHandlerVar());
/* 2430 */     mConfVars.put("zmlookup.timeout", new ProxyConfVar("zmlookup.timeout", "zimbraReverseProxyRouteLookupTimeout", new Long(15000L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "Time interval (ms) given to lookup handler to respond to route lookup request (after this time elapses, Proxy fails over to next handler, or fails the request if there are no more lookup handlers)"));
/* 2431 */     mConfVars.put("zmlookup.retryinterval", new ProxyConfVar("zmlookup.retryinterval", "zimbraReverseProxyRouteLookupTimeoutCache", new Long(60000L), ProxyConfValueType.TIME, ProxyConfOverride.SERVER, "Time interval (ms) given to lookup handler to cache a failed response to route a previous lookup request (after this time elapses, Proxy retries this host)"));
/* 2432 */     mConfVars.put("zmlookup.dpasswd", new ProxyConfVar("zmlookup.dpasswd", "ldap_nginx_password", "zmnginx", ProxyConfValueType.STRING, ProxyConfOverride.LOCALCONFIG, "Password for master credentials used by NGINX to log in to upstream for GSSAPI authentication"));
/* 2433 */     mConfVars.put("zmlookup.caching", new ProxyConfVar("zmlookup.caching", null, Boolean.valueOf(true), ProxyConfValueType.BOOLEAN, ProxyConfOverride.NONE, "Whether to turn on nginx lookup caching"));
/* 2434 */     mConfVars.put("zmlookup.unqual", new ProxyConfVar("zmlookup.unqual", null, Boolean.valueOf(false), ProxyConfValueType.BOOLEAN, ProxyConfOverride.NONE, "Deprecated - always set to false"));
/* 2435 */     mConfVars.put("zmprefix.url", new ProxyConfVar("zmprefix.url", "zimbraMailURL", "/", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "http URL prefix for where the zimbra app resides on upstream server"));
/* 2436 */     mConfVars.put("web.sso.certauth.port", new ProxyConfVar("web.sso.certauth.port", "zimbraMailSSLProxyClientCertPort", new Integer(0), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "reverse proxy client cert auth port"));
/* 2437 */     mConfVars.put("web.sso.certauth.default.enabled", new ZMSSOCertAuthDefaultEnablerVar());
/* 2438 */     mConfVars.put("web.sso.enabled", new ZMSSOEnablerVar());
/* 2439 */     mConfVars.put("web.sso.default.enabled", new ZMSSODefaultEnablerVar());
/* 2440 */     mConfVars.put("web.admin.default.enabled", new ProxyConfVar("web.amdin.default.enabled", "zimbraReverseProxyAdminEnabled", new Boolean(false), ProxyConfValueType.ENABLER, ProxyConfOverride.SERVER, "Inidicate whether admin console proxy is enabled"));
/* 2441 */     mConfVars.put("web.admin.port", new ProxyConfVar("web.admin.port", "zimbraAdminProxyPort", new Integer(9071), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Admin console proxy port"));
/* 2442 */     mConfVars.put("web.admin.uport", new ProxyConfVar("web.admin.uport", "zimbraAdminPort", new Integer(7071), ProxyConfValueType.INTEGER, ProxyConfOverride.SERVER, "Admin console upstream port"));
/* 2443 */     mConfVars.put("web.admin.upstream.name", new ProxyConfVar("web.admin.upstream.name", null, "zimbra_admin", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for admin console upstream cluster"));
/* 2444 */     mConfVars.put("web.admin.upstream.adminclient.name", new ProxyConfVar("web.admin.upstream.adminclient.name", null, "zimbra_adminclient", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for admin client console upstream cluster"));
/* 2445 */     mConfVars.put("web.admin.upstream.:servers", new WebAdminUpstreamServersVar());
/* 2446 */     mConfVars.put("web.admin.upstream.adminclient.:servers", new WebAdminUpstreamAdminClientServersVar());
/* 2447 */     mConfVars.put("web.upstream.noop.timeout", new TimeoutVar("web.upstream.noop.timeout", "zimbra_noop_max_timeout", Integer.valueOf(1200), ProxyConfOverride.LOCALCONFIG, 20, "the response timeout for NoOpRequest"));
/* 2448 */     mConfVars.put("web.upstream.waitset.timeout", new TimeoutVar("web.upstream.waitset.timeout", "zimbra_waitset_max_request_timeout", Integer.valueOf(1200), ProxyConfOverride.LOCALCONFIG, 20, "the response timeout for WaitSetRequest"));
/* 2449 */     mConfVars.put("main.accept_mutex", new ProxyConfVar("main.accept_mutex", "zimbraReverseProxyAcceptMutex", "on", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "accept_mutex flag for NGINX - can be on|off - on indicates regular distribution, off gets better distribution of client connections between workers"));
/* 2450 */     mConfVars.put("web.ews.upstream.disable", new EwsEnablerVar());
/* 2451 */     mConfVars.put("web.upstream.ewsserver.:servers", new WebEwsUpstreamServersVar());
/* 2452 */     mConfVars.put("web.ssl.upstream.ewsserver.:servers", new WebEwsSSLUpstreamServersVar());
/* 2453 */     mConfVars.put("web.ews.upstream.name", new ProxyConfVar("web.ews.upstream.name", null, "zimbra_ews", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for ews upstream server cluster"));
/* 2454 */     mConfVars.put("web.ssl.ews.upstream.name", new ProxyConfVar("web.ssl.ews.upstream.name", null, "zimbra_ews_ssl", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for https ews upstream server cluster"));
/* 2455 */     mConfVars.put("web.login.upstream.disable", new LoginEnablerVar());
/* 2456 */     mConfVars.put("web.upstream.loginserver.:servers", new WebLoginUpstreamServersVar());
/* 2457 */     mConfVars.put("web.ssl.upstream.loginserver.:servers", new WebLoginSSLUpstreamServersVar());
/* 2458 */     mConfVars.put("web.login.upstream.name", new ProxyConfVar("web.login.upstream.name", null, "zimbra_login", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for upstream login server cluster"));
/* 2459 */     mConfVars.put("web.ssl.login.upstream.name", new ProxyConfVar("web.ssl.login.upstream.name", null, "zimbra_login_ssl", ProxyConfValueType.STRING, ProxyConfOverride.CONFIG, "Symbolic name for https upstream login server cluster"));
/* 2460 */     mConfVars.put("web.login.upstream.url", new ProxyConfVar("web.login.upstream.url", "zimbraMailURL", "/", ProxyConfValueType.STRING, ProxyConfOverride.SERVER, "Zimbra Login URL"));
/* 2461 */     mConfVars.put("web.upstream.login.target", new WebProxyUpstreamLoginTargetVar());
/* 2462 */     mConfVars.put("web.upstream.ews.target", new WebProxyUpstreamEwsTargetVar());
/*      */   }
/*      */   
/*      */ 
/*      */   public static void updateDefaultVars()
/*      */     throws ServiceException, ProxyConfException
/*      */   {
/* 2469 */     Set<String> keys = mConfVars.keySet();
/* 2470 */     for (String key : keys) {
/* 2471 */       ((ProxyConfVar)mConfVars.get(key)).update();
/* 2472 */       mVars.put(key, ((ProxyConfVar)mConfVars.get(key)).confValue());
/*      */     }
/*      */   }
/*      */   
/*      */   public static void overrideDefaultVars(CommandLine cl)
/*      */   {
/* 2478 */     String[] overrides = cl.getOptionValues('c');
/*      */     
/* 2480 */     if (overrides != null) {
/* 2481 */       for (String o : overrides) {
/* 2482 */         mLog.debug("Processing config override " + o);
/* 2483 */         int e = o.indexOf("=");
/* 2484 */         if (e <= 0) {
/* 2485 */           mLog.info("Ignoring config override " + o + " because it is not of the form name=value");
/*      */         } else {
/* 2487 */           String k = o.substring(0, e);
/* 2488 */           String v = o.substring(e + 1);
/*      */           
/* 2490 */           if (mVars.containsKey(k)) {
/* 2491 */             mLog.info("Overriding config variable " + k + " with " + v);
/* 2492 */             mVars.put(k, v);
/*      */           } else {
/* 2494 */             mLog.info("Ignoring non-existent config variable " + k);
/*      */           }
/*      */         }
/*      */       }
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */   public static boolean isWorkableConf()
/*      */   {
/* 2505 */     boolean validConf = true;
/*      */     
/*      */ 
/*      */ 
/* 2509 */     boolean webEnabled = ((Boolean)((ProxyConfVar)mConfVars.get("web.enabled")).rawValue()).booleanValue();
/* 2510 */     boolean mailEnabled = ((Boolean)((ProxyConfVar)mConfVars.get("mail.enabled")).rawValue()).booleanValue();
/*      */     
/* 2512 */     ArrayList<String> webUpstreamServers = (ArrayList)((ProxyConfVar)mConfVars.get("web.upstream.:servers")).rawValue();
/* 2513 */     ArrayList<String> webUpstreamClientServers = (ArrayList)((ProxyConfVar)mConfVars.get("web.upstream.webclient.:servers")).rawValue();
/* 2514 */     ArrayList<String> webSSLUpstreamServers = (ArrayList)((ProxyConfVar)mConfVars.get("web.ssl.upstream.:servers")).rawValue();
/* 2515 */     ArrayList<String> webSSLUpstreamClientServers = (ArrayList)((ProxyConfVar)mConfVars.get("web.ssl.upstream.webclient.:servers")).rawValue();
/* 2516 */     ArrayList<String> zmLookupHandlers = (ArrayList)((ProxyConfVar)mConfVars.get("zmlookup.:handlers")).rawValue();
/*      */     
/* 2518 */     if ((webEnabled) && ((webUpstreamServers.size() == 0) || (webUpstreamClientServers.size() == 0))) {
/* 2519 */       mLog.info("Web is enabled but there are no HTTP upstream webclient/mailclient servers (Config will not be written)");
/* 2520 */       validConf = false;
/*      */     }
/*      */     
/* 2523 */     if ((webEnabled) && ((webSSLUpstreamServers.size() == 0) || (webSSLUpstreamClientServers.size() == 0))) {
/* 2524 */       mLog.info("Web is enabled but there are no HTTPS upstream webclient/mailclient servers (Config will not be written)");
/* 2525 */       validConf = false;
/*      */     }
/*      */     
/* 2528 */     if (((webEnabled) || (mailEnabled)) && (zmLookupHandlers.size() == 0)) {
/* 2529 */       mLog.info("Proxy is enabled but there are no lookup hanlders (Config will not be written)");
/* 2530 */       validConf = false;
/*      */     }
/*      */     
/* 2533 */     return validConf;
/*      */   }
/*      */   
/*      */   public static int createConf(String[] args) throws ServiceException, ProxyConfException
/*      */   {
/* 2538 */     int exitCode = 0;
/* 2539 */     CommandLine cl = parseArgs(args);
/*      */     
/* 2541 */     if (cl == null) {
/* 2542 */       exitCode = 1;
/* 2543 */       return exitCode;
/*      */     }
/*      */     
/* 2546 */     if (cl.hasOption('v')) {
/* 2547 */       CliUtil.toolSetup("DEBUG");
/*      */     } else {
/* 2549 */       CliUtil.toolSetup("INFO");
/*      */     }
/*      */     
/* 2552 */     mProv = Provisioning.getInstance();
/* 2553 */     ProxyConfVar.configSource = mProv.getConfig();
/* 2554 */     ProxyConfVar.serverSource = ProxyConfVar.configSource;
/*      */     
/* 2556 */     if (cl.hasOption('h')) {
/* 2557 */       usage(null);
/* 2558 */       exitCode = 0;
/* 2559 */       return exitCode;
/*      */     }
/*      */     
/* 2562 */     if (cl.hasOption('n')) {
/* 2563 */       mDryRun = true;
/*      */     }
/*      */     
/* 2566 */     if (cl.hasOption('w')) {
/* 2567 */       mWorkingDir = cl.getOptionValue('w');
/* 2568 */       mConfDir = mWorkingDir + "/conf";
/* 2569 */       mTemplateDir = mWorkingDir + "/conf/nginx/templates";
/* 2570 */       mConfIncludesDir = mConfDir + "/" + mIncDir;
/*      */     }
/*      */     
/* 2573 */     if (cl.hasOption('i')) {
/* 2574 */       mIncDir = cl.getOptionValue('i');
/* 2575 */       mConfIncludesDir = mConfDir + "/" + mIncDir;
/*      */     }
/*      */     
/* 2578 */     if (cl.hasOption('t')) {
/* 2579 */       mTemplateDir = cl.getOptionValue('t');
/*      */     }
/*      */     
/* 2582 */     mLog.debug("Working Directory: " + mWorkingDir);
/* 2583 */     mLog.debug("Template Directory: " + mTemplateDir);
/* 2584 */     mLog.debug("Config Includes Directory: " + mConfIncludesDir);
/*      */     
/* 2586 */     if (cl.hasOption('p')) {
/* 2587 */       mConfPrefix = cl.getOptionValue('p');
/* 2588 */       mTemplatePrefix = mConfPrefix;
/*      */     }
/*      */     
/* 2591 */     if (cl.hasOption('P')) {
/* 2592 */       mTemplatePrefix = cl.getOptionValue('P');
/*      */     }
/*      */     
/* 2595 */     mLog.debug("Config File Prefix: " + mConfPrefix);
/* 2596 */     mLog.debug("Template File Prefix: " + mTemplatePrefix);
/*      */     
/*      */ 
/* 2599 */     mLog.debug("Building Default Variable Map");
/* 2600 */     buildDefaultVars();
/*      */     
/* 2602 */     if (cl.hasOption('d')) {
/* 2603 */       displayDefaultVariables();
/* 2604 */       exitCode = 0;
/* 2605 */       return exitCode;
/*      */     }
/*      */     
/*      */ 
/* 2609 */     if (cl.hasOption('s')) {
/* 2610 */       mHost = cl.getOptionValue('s');
/* 2611 */       mLog.info("Loading server object: " + mHost);
/*      */       try {
/* 2613 */         mServer = getServer(mHost);
/* 2614 */         ProxyConfVar.serverSource = mServer;
/*      */       } catch (ProxyConfException pe) {
/* 2616 */         mLog.error("Cannot load server object. Make sure the server specified with -s exists");
/* 2617 */         return 1;
/*      */       }
/*      */     }
/*      */     
/*      */ 
/* 2622 */     mGenConfPerVhn = ProxyConfVar.serverSource.getBooleanAttr("zimbraReverseProxyGenConfigPerVirtualHostname", false);
/*      */     
/*      */     try
/*      */     {
/* 2626 */       mLog.debug("Loading Attrs in Domain Level");
/* 2627 */       mDomainReverseProxyAttrs = loadDomainReverseProxyAttrs();
/*      */       
/* 2629 */       mLog.debug("Updating Default Variable Map");
/* 2630 */       updateDefaultVars();
/*      */       
/* 2632 */       mLog.debug("Processing Config Overrides");
/* 2633 */       overrideDefaultVars(cl);
/*      */       
/* 2635 */       String clientCA = loadAllClientCertCA();
/* 2636 */       writeClientCAtoFile(clientCA);
/*      */     } catch (ProxyConfException pe) {
/* 2638 */       handleException(pe);
/* 2639 */       exitCode = 1;
/*      */     } catch (ServiceException se) {
/* 2641 */       handleException(se);
/* 2642 */       exitCode = 1;
/*      */     }
/*      */     
/* 2645 */     if (exitCode > 0) {
/* 2646 */       mLog.info("Proxy configuration files generation is interrupted by errors");
/* 2647 */       return exitCode;
/*      */     }
/* 2649 */     if (cl.hasOption('D')) {
/* 2650 */       displayVariables();
/* 2651 */       exitCode = 0;
/* 2652 */       return exitCode;
/*      */     }
/*      */     
/* 2655 */     if (cl.getArgs().length > 0) {
/* 2656 */       usage(null);
/* 2657 */       exitCode = 0;
/* 2658 */       return exitCode;
/*      */     }
/*      */     
/* 2661 */     if (!isWorkableConf()) {
/* 2662 */       mLog.error("Configuration is not valid because no route lookup handlers exist, or because no HTTP/HTTPS upstream servers were found");
/* 2663 */       mLog.error("Please ensure that the output of 'zmprov garpu/garpb' returns at least one entry in non-split mode and atleast two if this server is in split-mode (just service or zimbra/zimbraAdmin)");
/* 2664 */       exitCode = 1;
/* 2665 */       return exitCode;
/*      */     }
/*      */     
/* 2668 */     exitCode = 0;
/*      */     try
/*      */     {
/* 2671 */       File confDir = new File(mConfDir, "");
/* 2672 */       String confPath = confDir.getAbsolutePath();
/* 2673 */       if (!confDir.canRead()) {
/* 2674 */         throw new ProxyConfException("Cannot read configuration directory " + confPath);
/*      */       }
/* 2676 */       if (!confDir.canWrite()) {
/* 2677 */         throw new ProxyConfException("Cannot write to configuration directory " + confPath);
/*      */       }
/* 2679 */       if (!confDir.exists()) {
/* 2680 */         throw new ProxyConfException("Configuration directory " + confDir.getAbsolutePath() + " does not exist");
/*      */       }
/*      */       
/* 2683 */       expandTemplate(new File(mTemplateDir, getCoreConfTemplate()), new File(mConfDir, getCoreConf()));
/* 2684 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("main")), new File(mConfIncludesDir, getConfFileName("main")));
/* 2685 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("memcache")), new File(mConfIncludesDir, getConfFileName("memcache")));
/* 2686 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("zmlookup")), new File(mConfIncludesDir, getConfFileName("zmlookup")));
/* 2687 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail")), new File(mConfIncludesDir, getConfFileName("mail")));
/* 2688 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.imap")), new File(mConfIncludesDir, getConfFileName("mail.imap")));
/* 2689 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.imap.default")), new File(mConfIncludesDir, getConfFileName("mail.imap.default")));
/* 2690 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.imaps")), new File(mConfIncludesDir, getConfFileName("mail.imaps")));
/* 2691 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.imaps.default")), new File(mConfIncludesDir, getConfFileName("mail.imaps.default")));
/* 2692 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.pop3")), new File(mConfIncludesDir, getConfFileName("mail.pop3")));
/* 2693 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.pop3.default")), new File(mConfIncludesDir, getConfFileName("mail.pop3.default")));
/* 2694 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.pop3s")), new File(mConfIncludesDir, getConfFileName("mail.pop3s")));
/* 2695 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("mail.pop3s.default")), new File(mConfIncludesDir, getConfFileName("mail.pop3s.default")));
/* 2696 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web")), new File(mConfIncludesDir, getConfFileName("web")));
/* 2697 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.http")), new File(mConfIncludesDir, getConfFileName("web.http")));
/* 2698 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.http.default")), new File(mConfIncludesDir, getConfFileName("web.http.default")));
/* 2699 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.https")), new File(mConfIncludesDir, getConfFileName("web.https")));
/* 2700 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.https.default")), new File(mConfIncludesDir, getConfFileName("web.https.default")));
/* 2701 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.sso")), new File(mConfIncludesDir, getConfFileName("web.sso")));
/* 2702 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.sso.default")), new File(mConfIncludesDir, getConfFileName("web.sso.default")));
/* 2703 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.admin")), new File(mConfIncludesDir, getConfFileName("web.admin")));
/* 2704 */       expandTemplate(new File(mTemplateDir, getConfTemplateFileName("web.admin.default")), new File(mConfIncludesDir, getConfFileName("web.admin.default")));
/* 2705 */       expandTemplate(new File(mTemplateDir, getWebHttpModeConfTemplate("http")), new File(mConfIncludesDir, getWebHttpModeConf("http")));
/* 2706 */       expandTemplate(new File(mTemplateDir, getWebHttpModeConfTemplate("https")), new File(mConfIncludesDir, getWebHttpModeConf("https")));
/* 2707 */       expandTemplate(new File(mTemplateDir, getWebHttpModeConfTemplate("both")), new File(mConfIncludesDir, getWebHttpModeConf("both")));
/* 2708 */       expandTemplate(new File(mTemplateDir, getWebHttpModeConfTemplate("redirect")), new File(mConfIncludesDir, getWebHttpModeConf("redirect")));
/* 2709 */       expandTemplate(new File(mTemplateDir, getWebHttpModeConfTemplate("mixed")), new File(mConfIncludesDir, getWebHttpModeConf("mixed")));
/* 2710 */       expandTemplate(new File(mTemplateDir, getWebHttpSModeConfTemplate("http")), new File(mConfIncludesDir, getWebHttpSModeConf("http")));
/* 2711 */       expandTemplate(new File(mTemplateDir, getWebHttpSModeConfTemplate("https")), new File(mConfIncludesDir, getWebHttpSModeConf("https")));
/* 2712 */       expandTemplate(new File(mTemplateDir, getWebHttpSModeConfTemplate("both")), new File(mConfIncludesDir, getWebHttpSModeConf("both")));
/* 2713 */       expandTemplate(new File(mTemplateDir, getWebHttpSModeConfTemplate("redirect")), new File(mConfIncludesDir, getWebHttpSModeConf("redirect")));
/* 2714 */       expandTemplate(new File(mTemplateDir, getWebHttpSModeConfTemplate("mixed")), new File(mConfIncludesDir, getWebHttpSModeConf("mixed")));
/*      */     } catch (ProxyConfException pe) {
/* 2716 */       handleException(pe);
/* 2717 */       exitCode = 1;
/*      */     } catch (SecurityException se) {
/* 2719 */       handleException(se);
/* 2720 */       exitCode = 1;
/*      */     }
/* 2722 */     if (!mDryRun) {
/* 2723 */       if (exitCode == 0) {
/* 2724 */         mLog.info("Proxy configuration files are generated successfully");
/* 2725 */         appendConfGenResultToConf("__SUCCESS__");
/*      */       } else {
/* 2727 */         mLog.info("Proxy configuration files generation is interrupted by errors");
/*      */       }
/*      */     }
/* 2730 */     return exitCode;
/*      */   }
/*      */   
/*      */   private static void handleException(Exception e) {
/* 2734 */     mLog.error("Error while expanding templates: " + e.getMessage());
/* 2735 */     appendConfGenResultToConf("__CONF_GEN_ERROR__:" + e.getMessage());
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */ 
/*      */   private static void appendConfGenResultToConf(String text)
/*      */   {
/* 2745 */     File conf = new File(mConfDir, getCoreConf());
/* 2746 */     if (!conf.exists()) {
/* 2747 */       return;
/*      */     }
/*      */     
/*      */     try
/*      */     {
/* 2752 */       FileWriter writer = new FileWriter(conf, true);
/* 2753 */       writer.write("\n#" + text + "\n");
/* 2754 */       writer.close();
/*      */     }
/*      */     catch (IOException e) {}
/*      */   }
/*      */   
/*      */ 
/*      */   private static void writeClientCAtoFile(String clientCA)
/*      */     throws ServiceException
/*      */   {
/* 2763 */     ProxyConfVar clientCAEnabledVar = null;
/*      */     
/* 2765 */     if (ProxyConfUtil.isEmptyString(clientCA)) {
/* 2766 */       clientCAEnabledVar = new ProxyConfVar("ssl.clientcertca.enabled", null, Boolean.valueOf(false), ProxyConfValueType.ENABLER, ProxyConfOverride.CUSTOM, "is there valid client ca cert");
/*      */       
/*      */ 
/*      */ 
/*      */ 
/* 2771 */       if ((isClientCertVerifyEnabled()) || (isDomainClientCertVerifyEnabled())) {
/* 2772 */         mLog.error("Client certificate verification is enabled but no client cert ca is provided");
/* 2773 */         int exitCode = 1;
/* 2774 */         System.exit(exitCode);
/*      */       }
/*      */     }
/*      */     else {
/* 2778 */       clientCAEnabledVar = new ProxyConfVar("ssl.clientcertca.enabled", null, Boolean.valueOf(true), ProxyConfValueType.ENABLER, ProxyConfOverride.CUSTOM, "is there valid client ca cert");
/*      */       
/*      */ 
/*      */ 
/* 2782 */       mLog.debug("Write Client CA file");
/* 2783 */       ProxyConfUtil.writeContentToFile(clientCA, getDefaultClientCertCaPath());
/*      */     }
/* 2785 */     mConfVars.put("ssl.clientcertca.enabled", clientCAEnabledVar);
/*      */     try {
/* 2787 */       mVars.put("ssl.clientcertca.enabled", clientCAEnabledVar.confValue());
/*      */     } catch (ProxyConfException e) {
/* 2789 */       mLog.error("ProxyConfException during format ssl.clientcertca.enabled", e);
/* 2790 */       System.exit(1);
/*      */     }
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */   static boolean isClientCertVerifyEnabled()
/*      */   {
/* 2799 */     String globalMode = ProxyConfVar.serverSource.getAttr("zimbraReverseProxyClientCertMode", "off");
/*      */     
/*      */ 
/* 2802 */     if ((globalMode.equals("on")) || (globalMode.equals("optional")))
/*      */     {
/* 2804 */       return true;
/*      */     }
/*      */     
/* 2807 */     return false;
/*      */   }
/*      */   
/*      */ 
/*      */ 
/*      */ 
/*      */   static boolean isDomainClientCertVerifyEnabled()
/*      */   {
/* 2815 */     for (DomainAttrItem item : mDomainReverseProxyAttrs) {
/* 2816 */       if ((item.clientCertMode != null) && ((item.clientCertMode.equals("on")) || (item.clientCertMode.equals("optional"))))
/*      */       {
/*      */ 
/* 2819 */         return true;
/*      */       }
/*      */     }
/*      */     
/* 2823 */     return false;
/*      */   }
/*      */   
/*      */   public static void main(String[] args) throws ServiceException, ProxyConfException {
/* 2827 */     int exitCode = createConf(args);
/* 2828 */     System.exit(exitCode);
/*      */   }
/*      */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/util/ProxyConfGen.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */